Merge remote-tracking branch 'origin/netcore/netcore' into netcore/feature/macros

Signed-off-by: Bjarke Berg <mail@bergmania.dk>

# Conflicts:
#	src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs
Bjarke Berg
2020-06-10 12:02:53 +02:00
79 changed files with 881 additions and 1423 deletions


@@ -8,11 +8,12 @@ using Umbraco.Core.Mapping;
using Umbraco.Core.Models.Membership;
using Umbraco.Core.Services;
using Umbraco.Extensions;
using Umbraco.Web.BackOffice.Security;
using Umbraco.Web.BackOffice.Filters;
using Umbraco.Web.Common.Attributes;
using Umbraco.Web.Common.Controllers;
using Umbraco.Web.Common.Exceptions;
using Umbraco.Web.Common.Filters;
using Umbraco.Web.Common.Security;
using Umbraco.Web.Models;
using Umbraco.Web.Models.ContentEditing;
using Umbraco.Web.Security;
@@ -67,6 +68,29 @@ namespace Umbraco.Web.BackOffice.Controllers
return false;
}
/// <summary>
/// Returns the currently logged in Umbraco user
/// </summary>
/// <returns></returns>
/// <remarks>
/// We have the attribute [SetAngularAntiForgeryTokens] applied because this method is called initially to determine if the user
/// is valid before the login screen is displayed. The Auth cookie can be persisted for up to a day but the csrf cookies are only session
/// cookies which means that the auth cookie could be valid but the csrf cookies are no longer there, in that case we need to re-set the csrf cookies.
/// </remarks>
[UmbracoAuthorize]
[TypeFilter(typeof(SetAngularAntiForgeryTokens))]
//[CheckIfUserTicketDataIsStale] // TODO: Migrate this, though it will need to be done differently at the cookie auth level
public UserDetail GetCurrentUser()
{
var user = _webSecurity.CurrentUser;
var result = _umbracoMapper.Map<UserDetail>(user);
//set their remaining seconds
result.SecondsUntilTimeout = HttpContext.User.GetRemainingAuthSeconds();
return result;
}
/// <summary>
/// Logs a user in
/// </summary>
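Review bot: `GetCurrentUser` is added with `[CheckIfUserTicketDataIsStale]` commented out, so the only gates visible on the action are `[UmbracoAuthorize]` and the anti-forgery token filter; judging by the filter's name, nothing here re-checks the auth ticket against the stored user until that TODO is done. Because the remarks state that the auth cookie can persist for up to a day, I would spell the gap out rather than leave a bare TODO, e.g. `// SECURITY TODO: stale-ticket check not migrated yet; confirm the cookie auth layer re-validates ticket data`. The method also dereferences `result` without checking that `_webSecurity.CurrentUser` (and so the mapped `UserDetail`) is non-null; if the authorize attribute does not guarantee that, a null guard before `result.SecondsUntilTimeout` would avoid an unhandled exception. The empty `<returns></returns>` tag could state that the mapped `UserDetail` is returned with `SecondsUntilTimeout` filled in.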


@@ -16,9 +16,9 @@ using Umbraco.Core.Services;
using Umbraco.Core.WebAssets;
using Umbraco.Extensions;
using Umbraco.Web.BackOffice.Filters;
using Umbraco.Web.BackOffice.Security;
using Umbraco.Web.Common.ActionResults;
using Umbraco.Web.Common.Attributes;
using Umbraco.Web.Common.Security;
using Umbraco.Web.Models;
using Umbraco.Web.WebAssets;
using Constants = Umbraco.Core.Constants;
@@ -50,8 +50,7 @@ namespace Umbraco.Web.BackOffice.Controllers
IGridConfig gridConfig,
BackOfficeServerVariables backOfficeServerVariables,
AppCaches appCaches,
BackOfficeSignInManager signInManager // TODO: Review this, do we want it/need it or create our own?
)
BackOfficeSignInManager signInManager)
{
_userManager = userManager;
_runtimeMinifier = runtimeMinifier;
@@ -179,7 +178,7 @@ namespace Umbraco.Web.BackOffice.Controllers
/// otherwise process the external login info.
/// </summary>
/// <returns></returns>
private async Task<IActionResult> RenderDefaultOrProcessExternalLoginAsync(
private Task<IActionResult> RenderDefaultOrProcessExternalLoginAsync(
Func<IActionResult> defaultResponse,
Func<IActionResult> externalSignInResponse)
{
@@ -191,9 +190,9 @@ namespace Umbraco.Web.BackOffice.Controllers
//check if there is the TempData with the any token name specified, if so, assign to view bag and render the view
if (ViewData.FromTempData(TempData, ViewDataExtensions.TokenExternalSignInError) ||
ViewData.FromTempData(TempData, ViewDataExtensions.TokenPasswordResetCode))
return defaultResponse();
return Task.FromResult(defaultResponse());
return defaultResponse();
return Task.FromResult(defaultResponse());
//First check if there's external login info, if there's not proceed as normal
// TODO: Review this, not sure if this will work as expected until we integrate OAuth